bolkedebruin / rdpgw

Remote Desktop Gateway in Go for deploying on Linux/BSD/Kubernetes
Apache License 2.0
732 stars 117 forks

User / Password based RDP gateway to use with Guacamole? #17

Closed apiening closed 2 years ago

apiening commented 3 years ago

I'm looking for a solution to connect securely to internal RDP servers from remote using Apache Guacamole.

My idea is to run this rdpgw on a non-standard port and configure the firewall so that it is only publicly reachable from the Guacamole server.

Apache Guacamole does support Remote Desktop Gateways which are configurable with Hostname/IP, Port, Username, Password and Domain. As far as I know there is no special support for certificate-based authentication or OpenID or anything other than Username / Password authentication.

Is it possible to configure this RDP Gateway implementation, so that it would work under the given circumstances?

bolkedebruin commented 3 years ago

This requires a patch to the gateway. At the moment only OpenID Connect is supported. I might do this in a couple of weeks, but I'm obviously open to having it as a PR.

apiening commented 3 years ago

Thank you for your response. This feature would be really nice to have. I have seen discussions where users were asking for SSH tunneling support to connect to internal machines securely, especially from Guacamole. Having an RDP gateway with basic authentication would solve that issue.

I don't see myself in the position to be able to provide a PR. But I would like to test the implementation and provide feedback when this functionality becomes available in an experimental stage.

Tigger2014 commented 3 years ago

I would really like to see this also for auth purposes.

If a basic auth method is added, I think it would also be a good base for people to write other auth providers for.

mrfreezer commented 3 years ago

I would also vote in favour of this if there isn't any other way of setting up a completely identical replacement for the original Microsoft RDP gateway.

I would very much like this to be as it is with the commercial product:

You enter your RDP host and your RDP gateway plus your domain\username and password, and it connects as if you were using an original Microsoft RDP gateway.

ingo

jrsmile commented 2 years ago

I would also vote for this. My use case would be a single executable I can start as a Windows service which only allows access to 127.0.0.1, so a single-host Windows box anywhere can be accessed via HTTPS instead of RDP. This makes firewalling of a remote host much more practical.

bolkedebruin commented 2 years ago

User / password authentication is now possible by setting Authentication to local and running the included rdpgw-auth service (as root / setuid). This will verify users against PAM so will only work on Linux/OSX/BSD.